Tighten GITHUB_TOKEN permissions

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2024-11-20 15:44:02 +00:00
parent 5cdcf44b6f
commit 03a1d89785
32 changed files with 69 additions and 10 deletions
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -26,6 +26,8 @@ env:
    # fetchdep.sh needs to know our PR number
    PR_NUMBER: ${{ github.event.pull_request.number }}

+permissions: {}
+
 jobs:
    jest:
        name: Jest
@@ -94,6 +96,8 @@ jobs:
        needs: jest
        if: always()
        runs-on: ubuntu-24.04
+        permissions:
+            checks: write
        steps:
            - if: needs.jest.result != 'skipped' && needs.jest.result != 'success'
              run: exit 1